fix for CVE-2010-0001

author Bdale Garbee <bdale@gag.com>

Wed, 20 Jan 2010 18:45:06 +0000 (07:45 +1300)

committer Bdale Garbee <bdale@gag.com>

Wed, 20 Jan 2010 18:45:06 +0000 (07:45 +1300)
author Bdale Garbee <bdale@gag.com>
Wed, 20 Jan 2010 18:45:06 +0000 (07:45 +1300)
committer Bdale Garbee <bdale@gag.com>
Wed, 20 Jan 2010 18:45:06 +0000 (07:45 +1300)
diff --git a/debian/changelog b/debian/changelog

index 4a5982f7fa03deddfb48a4efb323573e3acb2647..59c62c97149ae758fc76435f7764fab9cb6998ff 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,12 @@
-gzip (1.3.12-9) UNRELEASED; urgency=low
+gzip (1.3.12-9) unstable; urgency=high
  
+  * fix applied for CVE-2010-0001 which identified an integer underflow when 
+    decompressing files that are compressed using the LZW algorithm. This 
+    could lead to the execution of arbitrary code when trying to decompress 
+    a crafted LZW compressed gzip archive.
    * switch to using dh_lintian for override delivery
  
- -- Bdale Garbee <bdale@gag.com>  Thu, 18 Jun 2009 14:15:42 -0600
+ -- Bdale Garbee <bdale@gag.com>  Thu, 21 Jan 2010 07:38:41 +1300
  
  gzip (1.3.12-8) unstable; urgency=low
  
diff --git a/unlzw.c b/unlzw.c

index a330f98d4795f004f15c6e0c2723f3aa2c684f90..daef155c5f183db4ec87243ac5da9087d471169b 100644 (file)
--- a/unlzw.c
+++ b/unlzw.c
@@ -248,7 +248,8 @@ int unlzw(in, out)
         int  o;
  
      resetbuf:
-       e = insize-(o = (posbits>>3));
+       o = posbits >> 3;
+       e = o <= insize ? insize - o : 0;
  
         for (i = 0 ; i < e ; ++i) {
             inbuf[i] = inbuf[i+o];
author	Bdale Garbee <bdale@gag.com>
	Wed, 20 Jan 2010 18:45:06 +0000 (07:45 +1300)
committer	Bdale Garbee <bdale@gag.com>
	Wed, 20 Jan 2010 18:45:06 +0000 (07:45 +1300)
debian/changelog		patch \| blob \| history
unlzw.c		patch \| blob \| history